[SECURITY] Fedora 20 Update: python-djblets-0.7.30-2.fc20
updates at fedoraproject.org
updates at fedoraproject.org
Tue Jun 17 23:24:28 UTC 2014
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-7223
2014-06-10 01:56:08
--------------------------------------------------------------------------------
Name : python-djblets
Product : Fedora 20
Version : 0.7.30
Release : 2.fc20
URL : http://www.review-board.org
Summary : A collection of useful classes and functions for Django
Description :
A collection of useful classes and functions for Django
--------------------------------------------------------------------------------
Update Information:
Fixes two XSS vulnerabilities in Djblets (used by Review Board)
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 7 2014 Stephen Gallagher <sgallagh at redhat.com> 0.7.30-2
- Drop upstreamed patch
* Fri Jun 6 2014 Stephen Gallagher <sgallagh at redhat.com> 0.7.30-1
- New upstream security release 0.7.30
- http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.30.NEWS
* Wed Apr 9 2014 Stephen Gallagher <sgallagh at redhat.com> 0.7.29-1
- New upstream release 0.7.29
- http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.29.NEWS
* Fri Feb 21 2014 Stephen Gallagher <sgallagh at redhat.com> 0.7.28-2
- Generate requires.txt with values appropriate for Fedora
* Thu Jan 2 2014 Stephen Gallagher <sgallagh at redhat.com> - 0.7.28-1
- New upstream release 0.7.28
- http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.28.NEWS
* djblets.auth:
* Fixed HTTP 500 errors when failing to save the registration form
* Thu Dec 12 2013 Stephen Gallagher <sgallagh at redhat.com> - 0.7.27-1
- New upstream release 0.7.27
- http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.25.NEWS
* djblets.auth:
* Added some human-readable labels for RegistrationForm.
* RegistrationForm subclasses that make use of fields that normalize to
non-strings no longer fail to save.
* djblets.webapi:
* Usernames with plus signs in them are now matched in the API.
- http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.26.NEWS
* djblets.util.fields:
* Fixed JSONField in the administration UI.
* djblets.webapi:
* Added support for web API authentication backends.
- http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.27.NEWS
* Fixed a regression with the new webapi auth backend support
* Wed Nov 27 2013 Stephen Gallagher <sgallagh at redhat.com> - 0.7.24-1
- New upstream release 0.7.24
- http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.24.NEWS
* djblets.util.http:
* Fixed ETag matching
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1106845 - CVE-2014-3994 python-djblets: XSS Vulnerability in Djblets json_dumps()
https://bugzilla.redhat.com/show_bug.cgi?id=1106845
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update python-djblets' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list